Persons using assistive technology might not be able to fully access information in this file. For assistance, please send e-mail to: mmwrq@cdc.gov. Type 508 Accommodation and the title of the report in the subject line of e-mail.

Public Health Information Network ---
Improving Early Detection by Using a Standards-Based Approach
to Connecting Public Health and Clinical Medicine

Abstract

Public health departments and their clinical partners are moving ahead rapidly to implement systems for early detection of disease outbreaks. In the urgency to develop useful early detection systems, information systems must adhere to certain
standards to facilitate sustainable, real-time delivery of important data and to make data available to the public health partners who verify, investigate, and respond to outbreaks. To ensure this crucial interoperability, all information systems supported
by federal funding for state and local preparedness capacity are required to adhere to the Public Health Information
Network standards.

Introduction

The 2003 National Syndromic Surveillance
Conferencefocused on design, development, and evaluation of systems that
can rapidly detect terrorism-related outbreaks as well as naturally occurring epidemics. Public health departments and their clinical partners understand the urgency to have systems in place to support early detection and are moving ahead rapidly
to implement systems that will provide early detection functionality. These systems obtain data from multiple sources,
including traditional clinical-care delivery sites and clinical laboratories, as well as less traditional health-monitoring data sources (e.g., nurse call centers, over-the-counter retail sales, work and school absenteeism data, veterinary health data, or information
from biologic-sensing devices). In their urgency to develop early detection systems, system developers should
incorporate information-system standards to facilitate sustainable, real-time delivery of important data and to make data available to the public health partners who verify, investigate, and respond to outbreaks. To ensure this crucial interoperability, all
information systems supported by federal funding for state and local preparedness capacity are required to use set
information-system standards (1).

Standards-based system development is critical for three major reasons. First, the need for real-time information
from multiple sources can best be accomplished by standards-based electronic messaging. Although individual custom interfaces
can be created with the myriad potentially useful data sources, the cost of development would be prohibitive and the complexity
of developing and managing such an array of custom interfaces would be formidable. The specification for standard Health
Level 7 (HL7) (2) messages for early detection data permits health departments to leverage
integration-broker technology and health-care delivery site information technology (IT) capacity for creation and processing of these standard HL7 electronic messages.

Second, the use of standards enables health departments to leverage previous investments in their IT infrastructures.
Systems to support public health capacity for outbreak management, response, alerting, and information dissemination have been under development since Fiscal Year (FY) 1999 investments in the Health Alert Network and FY 2000 funding for
the National Electronic Disease Surveillance System (NEDSS). A detection system is most valuable when it can
communicate with those systems needed to investigate and respond to an epidemic. The availability of standards-based shareable directories, system security, and channels for bidirectional
secure communication can support public health agencies'
capacity to respond to outbreaks and provide key elements for early detection systems.

Finally, a consistent standards-based approach limits the burden on partners in the clinical-care delivery sector.
Health-care providers and hospitals provide information to public health agencies for early detection and routine surveillance as part of their community responsibility. They are not compensated for the cost of providing that information. By using
standard formats and electronic reporting, public health agencies can minimize the burden involved in reporting diseases and,
ideally, use information that is already available in electronic format within the health-care delivery system.

Nationally, the importance of standards-based, interoperable electronic health records to support objectives for quality and safety within the health-care delivery system has been increasingly recognized. The National Committee on Health and Vital Statistics has recognized standards as an integral part of the National Health Information Infrastructure
(3). The critical role of standards has also been endorsed by the U.S.
Department of Health and Human Services and the federal government through
the Consolidated Health Informatics Initiative, a federal eGov initiative
(4). Connecting for Health, a broad-based
consortium of foundations, provider organizations, systems developers, and government organizations, is also pursuing this objective (5). These efforts have already identified and endorsed a number of relevant standards that can be used in early detection systems for the interchange of data between the clinical sector and public health.

To define how these broad standards can be implemented in surveillance systems that support the specific needs of
public health practice, CDC and its state and local health department partners have identified key specifications and functions described as the Public Health Information Network (PHIN). By identifying standards for technology, data, vocabulary,
and information security, PHIN is designed to enable the consistent exchange of health, disease-tracking, and response data among public health partners, to protect the security of these data, and to ensure the network's reliability in times of national crisis.

PHIN addresses five major functional areas --- detection and monitoring, data analysis, knowledge management,
alerting, and response. To support these public health functions, CDC and partners have developed specifications for nine IT functions, identifying the key vocabulary and technical standards relevant for creation of PHIN
(6). These nine functions are as follows:

automated exchange of data between public health partners;

use of electronic clinical data for event detection;

manual data entry for event detection and management;

specimen and lab result information management and exchange;

management of possible case, contacts, and threat data;

analysis and visualization;

directories of public health and clinical personnel;

public health information dissemination and alerting; and

IT security and critical infrastructure protection.

Public Health Information Network ---Functions and Specifications Relevant to Early Detection

Of the nine PHIN functions that should be incorporated into commercially or locally developed early detection systems, the following six functions have particular relevance to early detection:

Automated exchange of data between public health partners (No. 1) and use of the electronic clinical data for event detection (No. 2). These standards address the use of electronic messages to transmit data from a clinical source over the Internet to the health department using secure encryption. These messages can be generated
automatically on the basis of prior agreements by the trading partners regarding which data are potentially relevant for public health. The use of electronic messaging provides near real-time transmission of data needed to support early detection. The format
standard used for messaging is HL7, one of the standards identified by the National Committee on Vital and Health Statistics,
the Consolidated Health Informatics eGov Initiative, and Connecting for Health as the appropriate standard in this area (2--5). PHIN also provides a process for developing detailed specifications for early-detection message
content.

Analysis and visualization (No. 6).
This standard governs the use of commercial applications for analysis
and visualization, which use industry standards for accessing data from the database. This standard facilitates the use of a validated aberration-detection algorithm in multiple, diverse systems.

Directories of public health and clinical personnel (No. 7).
Such directories are critical tools, both for identifying
the persons (or positions) who need to receive and transmit data, and to support role-based security to
ensure appropriate access to data and secure data against unauthorized access. Because alerts frequently need to travel between jurisdictions, a standards-based directory (Lightweight Directory Access Protocol [LDAP], which uses a public health directory
data model developed jointly by state, local, and federal partners as part of the PHIN process) can facilitate exchange
of information among, for example, emergency-response personnel in adjacent local jurisdictions and public
health personnel at the state level.

Public health information dissemination and alerting (No.
8). This function is essential for communicating
and responding to any outbreak identified by an
early-detection system. Public health partners must be able to transmit
and receive alerts in a timely fashion by appropriate mechanisms 24 hours/day, 7 days/week. The function might use e-mail or back-up modes (e.g., pagers and telephones) for notification. In addition, specifications are necessary to
permit bidirectional, secure communications among health officials using PHIN-compatible directories and security so
that sensitive information can be appropriately shared, discussed, and analyzed, An early-detection system needs to address how it will interface with local and state secure-communications systems.

IT security and critical infrastructure protection (No. 9).
Security specifications are an essential element of
early detection systems. Carefully planned approaches to protect system security and continuity of operations are needed to ensure that a system is available in the event of an emergency. A state's security strategy should be consistent with the state's approach to information-system security, rather than requiring an anomalous approach, such as implementation
of two-factor authentication (i.e., use of two different modalities to ensure an individual is authenticated [e.g., password and secure token, or password and digital certificate]).

Implementing Systems Compliant with the Public Health
Information Network

PHIN's specifications and functions are the building blocks for interoperable standards-based systems.
However, considerable discussion has ensued about appropriate processes for turning these relatively high-level specifications into functioning systems. The CDC Information Council, the official governance body for CDC and its public health
partners (including Association of State and Territorial Health Officials, National Association of County and City Health Officials, Council of State and Territorial Epidemiologists, Association of Public Health Laboratories, and National Association of Public Health Statistics and Information Systems) asked the Gartner Group, an experienced IT consulting firm, to recommend implementation approaches for PHIN specifications and functions, as well as processes for managing evolution
of the architecture and data standards. In 2003, the Gartner Group issued a report addressing the PHIN functions
and specifications and recommended approaches that might accelerate their implementation
(7). The study team interviewed state and local health departments and examined documents and design specifications at CDC. The final report endorsed the PHIN standards and specifications as
appropriate for use in public health. It also noted that CDC's public health
partners universally agreed to the vision and overall direction of PHIN and emphasized that successful implementation of PHIN
is critically dependent upon the commitment of CDC and its public health partners. The
report also identified areas needing further clarification or
expansion of the PHIN architecture.

For systems that are underway or still in development, the Gartner Group recommended an evolutionary
approach toward PHIN compatibility. They recommended that application development teams focus first on compatibility of the
data model with PHIN data standardsand use of controlled medical vocabularies. Doing so would permit creation of data that
can be easily aggregated at the national level by using extensible markup language (XML) schema. They also recommended use
of HL7 messaging format for transport and security standards to share data securely between public health partners and CDC. A third recommendation was to focus on standards-based directory services (LDAP) to allow authorized and controlled
access. Finally, they recommended that CDC provide tools (e.g., tools for secure message transport) built on PHIN standards that could be made available to states and their partners.

The Gartner study recommended that PHIN allow for multiple solutions, particularly for those components that are
more technically challenging or new in the market (e.g., HL7 version 3.0, ebXML; http://www.hl7.org). However, they
emphasized that the goal of a live network should be maintained even as different solutions are implemented. They recommended PHIN standards be required for investments of federal public health funding. Finally, they emphasized the importance of security at all levels of state public health infrastructure, recommending that states undertake independent verification and
validation studies to provide an independent assessment of system security.

In addition to resources invested by states and local jurisdictions, additional funds are available to support PHIN in general and its use for early detection in particular. Since FY 1999, all 50 states have received funding through the Health Alert Network for continuous broadband internet connectivity among states and local health departments. Certain states have
also used this funding to provide connections with
clinical-care delivery partners and emergency-management partners. Since
FY 2000, states have also received funding for standards-based surveillance systems through NEDSS, which implements
the PHIN standards for clinical data exchange in the area of clinical laboratory data and nationally notifiable diseases. In FY 2002, the Public Health and Social Service Emergency Fund awarded >$1 billion for state and local public health
preparedness
capacity. A substantial portion of these funds have been directed to investments in IT systems; both CDC and the
Health Resources Services Administration (HRSA) require that all IT investments use the PHIN specifications and functions (1). In September 2003, the second round of preparedness funding was awarded, which continued to require use of
PHIN specifications and functions when funding IT investments. By September 2003, HRSA grants had increased to
$498,000,000, directed toward enhancement of hospital surge capacity to deal with terrorist events. This funding could be used, in part, to strengthen the communication and data interchange between hospital partners and public health.

Consistent with the Gartner Group recommendations, CDC has developed and made available tools to assist in
developing PHIN-compliant systems. The PHIN Messaging System is a software program that supports standards-based, bidirectional, interinstitutional message transport using the ebXML standard with Public Key Infrastructure (PKI) encryption
(8). It provides a message-transport tool for point-to-point messaging, thereby addressing the need for secure authentication
and authorization between sender and receiver as well as handling encryption of the message payload.

In January 2004, CDC released a beta version of PHIN Vocabulary Services, which provides access to >80 key standard reference tables, as well as supporting version control and maintenance of those standard reference tables (9). This tool should facilitate using controlled vocabularies in local systems and support CDC-developed systems.

CDC has also published implementation guides that specify data standards for the message format for data
exchange messages (e.g., those dealing with electronic laboratory reporting, test orders, and demographic information available
from hospital admission discharge transfer [ADT] systems)
(10).

Finally, CDC has collaborated with partners from the U.S. Department of Defense, U.S. Veterans Administration,
the private sector, Harvard University, University of Pittsburgh, and state and local health departments to develop BioSense (11). BioSense is an Internet-accessible secure system that permits state or metropolitan-area users to visualize information about their locality from different early-detection data sources. It maps the data at a zip-code level and incorporates
statistical analyses to identify possible aberrations warranting further investigation. Phase 1 of BioSense is in beta testing. It is intended to be complementary with local efforts. In Phase 2, BioSense will be able to incorporate local
data-collection efforts that use PHIN standards to provide a more complete view of data sources relevant to a particular area.

Rapid detection of possible terrorist events is of considerable urgency. However, using a standards-based approach
in surveillance is critical, both to accomplish the early detection objective and to facilitate rapid investigation of and response
to multiple events of public health importance. Investing wisely by developing effective PHIN-compliant systems will
have enormous benefits for the health of the public.

US Department of Health and Human Services. Information for health: a strategy for building the national health information infrastructure ---
report and recommendations from the National Committee on Vital and Health Statistics, Washington, DC: US Department of Health and
Human Services, 2001. Available at
http://www.ncvhs.hhs.gov/nhiilayo.pdf.

Loonsk JL. BioSense: a national initiative for early
detection and quantification of public health events. MMWR 2004;53 (Suppl):53--5.

Use of trade names and commercial sources is for identification only and does not imply endorsement by the U.S. Department of
Health and Human Services.References to non-CDC sites on the Internet are
provided as a service to MMWR readers and do not constitute or imply
endorsement of these organizations or their programs by CDC or the U.S.
Department of Health and Human Services. CDC is not responsible for the content
of pages found at these sites. URL addresses listed in MMWR were current as of
the date of publication.

DisclaimerAll MMWR HTML versions of articles are electronic conversions from ASCII text
into HTML. This conversion may have resulted in character translation or format errors in the HTML version.
Users should not rely on this HTML document, but are referred to the electronic PDF version and/or
the original MMWR paper copy for the official text, figures, and tables.
An original paper copy of this issue can be obtained from the Superintendent of Documents,
U.S. Government Printing Office (GPO), Washington, DC 20402-9371; telephone: (202) 512-1800.
Contact GPO for current prices.

**Questions or messages regarding errors in formatting should be addressed to
mmwrq@cdc.gov.